Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 690b833f89 | |||
afddeceed3
|
|||
| 828c7c1300 | |||
f0c6a3c19c
|
|||
|
94f238c4af
|
|||
|
1dfdd90845
|
|||
| 660a5fee21 | |||
| 8d23542076 |
@ -18,6 +18,7 @@ steps:
|
||||
STACK_NAME: hedgedoc
|
||||
LETS_ENCRYPT_ENV: production
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_SESSION_SECRET_VERSION: v1
|
||||
ENTRYPOINT_CONF_VERSION: v1
|
||||
PG_BACKUP_VERSION: v1
|
||||
trigger:
|
||||
|
||||
@ -26,6 +26,7 @@ COMPOSE_FILE="compose.yml"
|
||||
#CMD_OAUTH2_TOKEN_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/token"
|
||||
#CMD_OAUTH2_USER_PROFILE_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/userinfo"
|
||||
#CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=ocs.data.id
|
||||
#CMD_OAUTH2_USER_PROFILE_ID_ATTR=
|
||||
#CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=ocs.data.display-name
|
||||
#CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=ocs.data.email
|
||||
#CMD_OAUTH2_PROVIDERNAME=Keycloak
|
||||
|
||||
2
abra.sh
2
abra.sh
@ -1,2 +1,2 @@
|
||||
export ENTRYPOINT_CONF_VERSION=v12
|
||||
export ENTRYPOINT_CONF_VERSION=v13
|
||||
export PG_BACKUP_VERSION=v1
|
||||
|
||||
@ -13,6 +13,7 @@ services:
|
||||
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
|
||||
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
|
||||
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR
|
||||
- CMD_OAUTH2_USER_PROFILE_ID_ATTR
|
||||
- CMD_OAUTH2_SCOPE
|
||||
secrets:
|
||||
- oauth_key
|
||||
|
||||
@ -51,10 +51,10 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "coop-cloud.${STACK_NAME}.version=3.0.0+1.10.1"
|
||||
- "coop-cloud.${STACK_NAME}.version=3.0.2+1.10.3"
|
||||
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
||||
healthcheck:
|
||||
test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
|
||||
|
||||
@ -42,7 +42,7 @@ main() {
|
||||
|
||||
main
|
||||
|
||||
if [ -n "${CMD_DB_PASSWORD_FILE:-""}" ] ; then
|
||||
if [ -n "${CMD_DB_PASSWORD:-""}" ] ; then
|
||||
export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
|
||||
fi
|
||||
|
||||
|
||||
@ -1 +1,5 @@
|
||||
Upgrade to fix GHSA-6w39-x2c6-6mpf
|
||||
Upgrade to fix GHSA-6w39-x2c6-6mpf
|
||||
|
||||
BREAKING CHANGE!! new secret "session_secret" added, run:
|
||||
|
||||
abra app secret generate <app_domain> session_secret v1
|
||||
|
||||
1
release/3.0.1+1.10.3
Normal file
1
release/3.0.1+1.10.3
Normal file
@ -0,0 +1 @@
|
||||
Security upgrade for GHSA-3983-rrqh-mvx5
|
||||
1
release/3.0.2+1.10.3
Normal file
1
release/3.0.2+1.10.3
Normal file
@ -0,0 +1 @@
|
||||
CRITICAL FIX: since version 3 this recipe uses always sqlite as database. This patch fixes instances running postgres
|
||||
Reference in New Issue
Block a user